Skip to content

Commit

Permalink
crypto: ccree - don't copy zero size ciphertext
Browse files Browse the repository at this point in the history 
For decryption in CBC mode we need to save the last ciphertext block
for use as the next IV. However, we were trying to do this also with
zero sized ciphertext resulting in a panic.

Fix this by only doing the copy if the ciphertext length is at least
of IV size.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  • Loading branch information
Gilad Ben-Yossef authored and Herbert Xu committed Jan 25, 2019
1 parent 27649c3 commit 2b5ac17
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion drivers/crypto/ccree/cc_cipher.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -800,7 +800,8 @@ static int cc_cipher_decrypt(struct skcipher_request *req)

memset(req_ctx, 0, sizeof(*req_ctx));

if (ctx_p->cipher_mode == DRV_CIPHER_CBC) {
if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) &&
(req->cryptlen >= ivsize)) {

/* Allocate and save the last IV sized bytes of the source,
* which will be lost in case of in-place decryption.
Expand Down

0 comments on commit 2b5ac17

Please sign in to comment.